If you do your online banking with TESCO, or indeed have a credit card with them, you may want to be on the lookout for the following website, which is hosting a rather large tally of login pages. The site in question is

mrqos(dot)com(dot)au/kate/tess/tescr/login(dot)html

and that particular site was flagged not so long ago in the Zone-H defacement mirror, with “KEST” compromising it on or around the 15th of October, 2013.

Here are 100 or so identical HTML pages in one directory offering up a TESCO credit card login:

All of the above pages present end-users with the following login screen:

The page asks end-users to log in to “Tesco bank online banking” with “credit card” mentioned in the top right-hand corner. After entering a username, the page asks for more information in two stages:

…expiry date, CVV2, 6-digit security number and no less than three security questions.

In another directory, we have much the same thing – 100 or so pages of Tesco login portals:

These pages are slightly different from the ones in the first directory, with mentions of credit cards removed – the focus here being on the online banking portion (tescobank(dot)com).

It follows much the same pattern as the pages in the other directory, as you’d expect.

It goes without saying – so I’m going to say it – that you should only ever log in on the homepage of your bank or credit card. Visiting it from URLs in emails or random messages sent your way just won’t cut the mustard – physically type in the URL, ensure there’s a padlock and the connection is encrypted. You won’t find padlocks or encryption on the above pages, for example.

Here’s the tescobank website. Note the green bar, which you can click to confirm you’re on the real site and the connection is secure:

I note since I started to write this entry that the site is now flagged as a confirmed Phish on Phishtank. Hopefully the admin will be able to fix up whatever lingering problem remains and set about a rather large clean-up operation…
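
For an admin facing that kind of clean-up, one way to find directories like the two described above is to sweep the web root for clusters of identical HTML files that contain a password field. This is an added example, not code from the original post; the `find_clone_clusters` name, the `min_copies` threshold and the sample directory layout are assumptions, and it only catches byte-identical copies.

```python
import hashlib
import os
import re
import tempfile
from collections import defaultdict

# Heuristic for a credential form: an <input> whose type is "password".
PASSWORD_INPUT = re.compile(rb'<input[^>]+type\s*=\s*["\']?password', re.I)

def find_clone_clusters(webroot, min_copies=10):
    """Return [(directory, sha256, [files])] for directories holding at least
    min_copies byte-identical HTML files that contain a password field."""
    groups = defaultdict(list)  # (directory, digest) -> file names
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            if not name.lower().endswith((".html", ".htm")):
                continue
            try:
                with open(os.path.join(dirpath, name), "rb") as fh:
                    body = fh.read()
            except OSError:
                continue  # unreadable file: skip it, do not abort the sweep
            if PASSWORD_INPUT.search(body):
                groups[(dirpath, hashlib.sha256(body).hexdigest())].append(name)
    clusters = [(d, h, sorted(names)) for (d, h), names in groups.items()
                if len(names) >= min_copies]
    return sorted(clusters, key=lambda c: -len(c[2]))  # largest cluster first

def build_sample_webroot(root):
    """Constructed sample data: a normal site plus 100 identical login pages."""
    login = (b'<html><form action="post.php"><input name="user">'
             b'<input type="password" name="pin"></form></html>')
    kit_dir = os.path.join(root, "uploads", "kit")  # hypothetical drop directory
    os.makedirs(kit_dir)
    with open(os.path.join(root, "index.html"), "wb") as fh:
        fh.write(b"<html><h1>Welcome</h1></html>")
    with open(os.path.join(root, "login.html"), "wb") as fh:
        fh.write(login)  # a single genuine login page must not be flagged
    for i in range(100):
        with open(os.path.join(kit_dir, f"login{i}.html"), "wb") as fh:
            fh.write(login)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_webroot(root)
        for directory, digest, names in find_clone_clusters(root):
            print(f"{len(names)} identical login pages in {directory} "
                  f"(sha256 {digest[:12]}...)")
```

Anything it flags still needs a human look before deletion, and pages that differ by even one byte fall into separate groups, so a lower `min_copies` is worth trying on a second pass.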

ThreatTrack Security Labs is the power behind the malware analysis, detection and remediation technologies developed by ThreatTrack Security. From facilities in the United States and the Philippines, our team of cybersecurity professionals, malware researchers, engineers and software developers work around the clock to discover and combat Advanced Persistent Threats, targeted attacks, Zero-days and other sophisticated malware. The company develops advanced cybersecurity solutions that Expose, Analyze and Eliminate the latest malicious threats, including its ThreatSecure advanced threat detection and remediation platform, ThreatAnalyzer malware behavioral analysis sandbox, ThreatIQ real-time threat intelligence service, and VIPRE business antivirus endpoint protection. Learn more about ThreatTrack Security.